Lucene search

CiscoCISCO-SA-20160928-SMI

HistorySep 28, 2016 - 4:00 p.m.

Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability

2016-09-2816:00:00

tools.cisco.com

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.003

Percentile

69.2%

JSON

The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service (DoS) condition on an affected device.

The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to leak memory and eventually reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the affected device.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi”]

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of “High.” For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-56513”].

Affected configurations

Vulners

Node

ciscoiosMatch12.2se

ciscoiosMatch12.2ex

ciscoiosMatch12.2ey

ciscoiosMatch12.2ez

ciscoiosMatch15.0ey

ciscoiosMatch15.0se

ciscoiosMatch15.1sg

ciscoiosMatch15.0ex

ciscoiosMatch15.0ea

ciscoiosMatch15.2e

ciscoiosMatch15.0ez

ciscoiosMatch15.2ey

ciscoiosMatch15.0ej

ciscoiosMatch15.2eb

ciscoiosMatch15.2ea

ciscocisco_iosMatch3.2sexe

ciscocisco_iosMatch3.3sexe

ciscocisco_iosMatch3.3xoxe

ciscocisco_iosMatch3.5exe

ciscocisco_iosMatch3.6exe

ciscocisco_iosMatch3.7exe

ciscocisco_iosMatch3.8exe

ciscoiosMatch12.2\(55\)se

ciscoiosMatch12.2\(55\)se3

ciscoiosMatch12.2\(55\)se2

ciscoiosMatch12.2\(58\)se

ciscoiosMatch12.2\(55\)se1

ciscoiosMatch12.2\(58\)se1

ciscoiosMatch12.2\(55\)se4

ciscoiosMatch12.2\(58\)se2

ciscoiosMatch12.2\(55\)se5

ciscoiosMatch12.2\(55\)se6

ciscoiosMatch12.2\(55\)se7

ciscoiosMatch12.2\(55\)se8

ciscoiosMatch12.2\(55\)se9

ciscoiosMatch12.2\(55\)se10

ciscoiosMatch12.2\(55\)ex

ciscoiosMatch12.2\(55\)ex1

ciscoiosMatch12.2\(55\)ex2

ciscoiosMatch12.2\(55\)ex3

ciscoiosMatch12.2\(55\)ey

ciscoiosMatch12.2\(55\)ez

ciscoiosMatch15.0\(1\)ey

ciscoiosMatch15.0\(1\)ey2

ciscoiosMatch15.0\(1\)se

ciscoiosMatch15.0\(2\)se

ciscoiosMatch15.0\(1\)se1

ciscoiosMatch15.0\(1\)se2

ciscoiosMatch15.0\(1\)se3

ciscoiosMatch15.0\(2\)se1

ciscoiosMatch15.0\(2\)se2

ciscoiosMatch15.0\(2\)se3

ciscoiosMatch15.0\(2\)se4

ciscoiosMatch15.0\(2\)se5

ciscoiosMatch15.0\(2\)se6

ciscoiosMatch15.0\(2\)se7

ciscoiosMatch15.0\(2\)se8

ciscoiosMatch15.0\(2\)se9

ciscoiosMatch15.0\(2a\)se9

ciscoiosMatch15.1\(2\)sg

ciscoiosMatch15.1\(2\)sg1

ciscoiosMatch15.1\(2\)sg2

ciscoiosMatch15.1\(2\)sg3

ciscoiosMatch15.1\(2\)sg4

ciscoiosMatch15.1\(2\)sg5

ciscoiosMatch15.1\(2\)sg6

ciscoiosMatch15.1\(2\)sg7

ciscoiosMatch15.0\(2\)ex

ciscoiosMatch15.0\(2\)ex1

ciscoiosMatch15.0\(2\)ex2

ciscoiosMatch15.0\(2\)ex3

ciscoiosMatch15.0\(2\)ex4

ciscoiosMatch15.0\(2\)ex5

ciscoiosMatch15.0\(2\)ex6

ciscoiosMatch15.0\(2\)ex7

ciscoiosMatch15.0\(2\)ex8

ciscoiosMatch15.0\(2a\)ex5

ciscoiosMatch15.0\(2\)ex10

ciscoiosMatch15.0\(2\)ex11

ciscoiosMatch15.0\(2\)ea1

ciscoiosMatch15.2\(1\)e

ciscoiosMatch15.2\(2\)e

ciscoiosMatch15.2\(1\)e1

ciscoiosMatch15.2\(3\)e

ciscoiosMatch15.2\(1\)e2

ciscoiosMatch15.2\(1\)e3

ciscoiosMatch15.2\(2\)e1

ciscoiosMatch15.2\(2b\)e

ciscoiosMatch15.2\(4\)e

ciscoiosMatch15.2\(3\)e1

ciscoiosMatch15.2\(2\)e2

ciscoiosMatch15.2\(2a\)e1

ciscoiosMatch15.2\(2\)e3

ciscoiosMatch15.2\(2a\)e2

ciscoiosMatch15.2\(3\)e2

ciscoiosMatch15.2\(3a\)e

ciscoiosMatch15.2\(3\)e3

ciscoiosMatch15.2\(3m\)e2

ciscoiosMatch15.2\(4\)e1

ciscoiosMatch15.2\(2\)e4

ciscoiosMatch15.2\(4m\)e1

ciscoiosMatch15.0\(2\)ez

ciscoiosMatch15.2\(1\)ey

ciscoiosMatch15.0\(2\)ej

ciscoiosMatch15.0\(2\)ej1

ciscoiosMatch15.2\(2\)eb

ciscoiosMatch15.2\(2\)eb1

ciscoiosMatch15.2\(2\)eb2

ciscoiosMatch15.2\(2\)ea

ciscoiosMatch15.2\(2\)ea1

ciscoiosMatch15.2\(2\)ea2

ciscoiosMatch15.2\(3\)ea

ciscoiosMatch15.2\(4\)ea

ciscoiosMatch15.2\(4\)ea1

ciscoiosMatch15.2\(2\)ea3

ciscoiosMatch15.2\(4\)ea3

ciscoiosMatch15.2\(4\)ea2

ciscocisco_iosMatch3.2.0sexe

ciscocisco_iosMatch3.2.1sexe

ciscocisco_iosMatch3.2.2sexe

ciscocisco_iosMatch3.2.3sexe

ciscocisco_iosMatch3.3.0sexe

ciscocisco_iosMatch3.3.1sexe

ciscocisco_iosMatch3.3.2sexe

ciscocisco_iosMatch3.3.3sexe

ciscocisco_iosMatch3.3.4sexe

ciscocisco_iosMatch3.3.5sexe

ciscocisco_iosMatch3.3.0xoxe

ciscocisco_iosMatch3.3.1xoxe

ciscocisco_iosMatch3.3.2xoxe

ciscocisco_iosMatch3.5.0exe

ciscocisco_iosMatch3.5.1exe

ciscocisco_iosMatch3.5.2exe

ciscocisco_iosMatch3.5.3exe

ciscocisco_iosMatch3.6.0exe

ciscocisco_iosMatch3.6.1exe

ciscocisco_iosMatch3.6.0aexe

ciscocisco_iosMatch3.6.0bexe

ciscocisco_iosMatch3.6.2aexe

ciscocisco_iosMatch3.6.3exe

ciscocisco_iosMatch3.6.4exe

ciscocisco_iosMatch3.7.0exe

ciscocisco_iosMatch3.7.1exe

ciscocisco_iosMatch3.7.2exe

ciscocisco_iosMatch3.7.3exe

ciscocisco_iosMatch3.8.0exe

ciscocisco_iosMatch3.8.1exe

ciscocisco_iosMatch3.8.2exe

VendorProductVersionCPE
ciscoios12.2secpe:2.3:o:cisco:ios:12.2se:*:*:*:*:*:*:*
ciscoios12.2excpe:2.3:o:cisco:ios:12.2ex:*:*:*:*:*:*:*
ciscoios12.2eycpe:2.3:o:cisco:ios:12.2ey:*:*:*:*:*:*:*
ciscoios12.2ezcpe:2.3:o:cisco:ios:12.2ez:*:*:*:*:*:*:*
ciscoios15.0eycpe:2.3:o:cisco:ios:15.0ey:*:*:*:*:*:*:*
ciscoios15.0secpe:2.3:o:cisco:ios:15.0se:*:*:*:*:*:*:*
ciscoios15.1sgcpe:2.3:o:cisco:ios:15.1sg:*:*:*:*:*:*:*
ciscoios15.0excpe:2.3:o:cisco:ios:15.0ex:*:*:*:*:*:*:*
ciscoios15.0eacpe:2.3:o:cisco:ios:15.0ea:*:*:*:*:*:*:*
ciscoios15.2ecpe:2.3:o:cisco:ios:15.2e:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios	12.2se	cpe:2.3:o:cisco:ios:12.2se:::::::*
cisco	ios	12.2ex	cpe:2.3:o:cisco:ios:12.2ex:::::::*
cisco	ios	12.2ey	cpe:2.3:o:cisco:ios:12.2ey:::::::*
cisco	ios	12.2ez	cpe:2.3:o:cisco:ios:12.2ez:::::::*
cisco	ios	15.0ey	cpe:2.3:o:cisco:ios:15.0ey:::::::*
cisco	ios	15.0se	cpe:2.3:o:cisco:ios:15.0se:::::::*
cisco	ios	15.1sg	cpe:2.3:o:cisco:ios:15.1sg:::::::*
cisco	ios	15.0ex	cpe:2.3:o:cisco:ios:15.0ex:::::::*
cisco	ios	15.0ea	cpe:2.3:o:cisco:ios:15.0ea:::::::*
cisco	ios	15.2e	cpe:2.3:o:cisco:ios:15.2e:::::::*

Rows per page:

1-10 of 1481

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.003

Percentile

69.2%

JSON

Related for CISCO-SA-20160928-SMI